<?php
// Report every error level.
// NOTE(review): this file does not set display_errors; confirm it is off in
// production, otherwise SQL errors and file paths raised below reach the client.
error_reporting(E_ALL);
require_once("config.php");
require_once("securitylib.php");
require_once("querylib.php");
require_once("templatelib.php");

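// Start (or resume) the session before anything below reads $_SESSION.
session_start();
// Marker written on every request; nothing in this file reads it.
// NOTE(review): presumably the included libraries/templates test it to refuse
// direct access - confirm against their code.
$_SESSION['sitecheck'] = "ok";

// Open the default MySQL link and select the schema named in config.php.
// Fail closed when either step fails: the login code below builds and runs
// queries, and continuing without a database would leave every later check
// working on query failures instead of real data.
if (!mysql_connect($config_mysql_host, $config_mysql_user, $config_mysql_pass)
	|| !mysql_select_db($config_mysql_name))
{
	// Details go to the server log only; the client gets a generic message.
	error_log("Database connection failed: " . mysql_error());
	header("HTTP/1.1 503 Service Unavailable");
	exit("Service temporarily unavailable.");
}
// Table-name prefix used when building queries (see the login query).
$prefix = $config_mysql_prefix;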

// check for logged in
// The session stores the flag as the string "true" (written by the login
// code); anything else, or no flag at all, means "not logged in".
$loggedin = isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == "true";
// Only a logged-in session carries user data; otherwise start from an empty record.
$userinfo = $loggedin ? $_SESSION['userinfo'] : array();

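// login code
// Triggered by ?login in the query string; the credentials come from the POST body.
if (isset($_GET['login']))
{
	// Accept plain strings only. A missing field or an array-valued field
	// (username[]=...) is treated as empty, which cannot match a row, instead
	// of raising notices/warnings that may be echoed back under E_ALL.
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";

	// Escape through the open MySQL link. addslashes() knows nothing about the
	// connection and is not a safe SQL escaper for every character set.
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);

	// NOTE(review): passwords are compared as unsalted MD5 inside the query.
	// Moving to password_hash()/password_verify() needs a stored-hash migration
	// and cannot be done from this block alone.
	$loginquery = "select id, username, realname, email, usergroupid from $prefix" .
		"users where username='$username' and password=MD5('$password');";
	$userinfo = query_to_hash($loginquery);
	
	if ($userinfo === false)
	{
		// No matching row (or the query failed): record an explicit logged-out state.
		$_SESSION['loggedin'] = "false";
		$_SESSION['userinfo'] = "false";
		$loggedin = false;
	}
	else
	{
		// Issue a fresh session id at the privilege change so an id that was
		// known before authentication is not carried into the logged-in session
		// (session fixation). Session data is kept.
		session_regenerate_id(true);

		$loggedin = true;
		$_SESSION['loggedin'] = "true";

		// The group id comes from the database row, but it is interpolated
		// unquoted, so force it to an integer before it reaches the query.
		$groupid = (int) $userinfo['usergroupid'];
		// NOTE(review): the table name is hard-coded as dcms_usergroups while the
		// users query above uses $prefix - confirm whether this should be
		// $prefix . "usergroups".
		$userlevel = query_to_hash("SELECT name as group_name, type as group_level FROM `dcms_usergroups` WHERE id = $groupid;");
		// A missing group row leaves both fields null rather than indexing into false.
		$userinfo['group_name'] = ($userlevel !== false) ? $userlevel['group_name'] : null;
		$userinfo['group_level'] = ($userlevel !== false) ? $userlevel['group_level'] : null;
		$_SESSION['userinfo'] = $userinfo;
	}
}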

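//logout code
// Triggered by ?logout in the query string.
// NOTE(review): a plain GET changes state here, so any third-party page can
// log a visitor out by linking to it; consider requiring POST plus a token.
if (isset($_GET['logout']))
{
	$_SESSION['loggedin'] = "false";
	$_SESSION['userinfo'] = "false";
	$loggedin = false;
	// The logged-in check earlier in this request may already have copied the
	// user's record into $userinfo; reset it so the rest of the request does
	// not render data for a user who has just logged out.
	$userinfo = array();
	// Retire the session id that was bound to the authenticated state.
	session_regenerate_id(true);
}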
?>